Global FinTech Guide
Country Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

National regulatory framework regarding Anti-money Laundering (AML) in China mainly consists of AML law, AML guidelines for banks and AML Measures for financial institutions. Chinese governments have started to put more stress on AML supervision by issuing more specific and detailed rules since 2021. AML supervision would be conducted through the whole process of finance business.

AML law of the PRC was first effective on 1 January 2007. The State Council anti-money laundering administrative authority is responsible for nationwide anti-money laundering supervision and administration.

PBOC and State Administration of Foreign Exchange issued the Guidelines for Anti-Money Laundering and Counter-terrorism Financing in Cross-border Services of Banks (for Trial Implementation) on 19 January 2021 (Guidelines). It is aimed to govern the cross-border receipt and payment activities in RMB and foreign currencies and domestic foreign exchange business activities of domestic and foreign institutions and individuals.

The PBC issued Measures for the Supervision and Administration of Anti-money Laundering and Counter-terrorism Financing of Financial Institutions on 15 April 2021 (Measures). It applies to every kind of financial institutions in order to establish and improve their internal control system for AML.

The PBC issued a notice on Strengthening Anti-money Laundering Supervision of Designated Non-financial Institutions in 2018, to specify the anti-money laundering obligations of certain non-financial institutions.

National regulator or relevant authority for AML controls

The State Council anti-money laundering administrative authority is responsible for nationwide anti-money laundering supervision and administration. It establishes an anti-money laundering information centre responsible for receiving and analysing reports on transactions with large amounts and suspicious transactions, reporting the analysis results to the State Council anti-money laundering administrative authority. The relevant departments and agencies of the State Council shall carry out anti-money laundering supervision and administration within their respective scope of duties. Meanwhile, PBC and its branches supervise and administer the anti-money laundering and counter-terrorism financing of financial institutions.

Customer Due Diligence

Conduct of a typical KYC identification process

Financial institutions shall establish a system of determining customer identity pursuant to the provisions of AML law. Guidelines have given requirements for banks with high standards on customer due diligence, including the overall principles, information, circumstances of being not approved and continuous identification obligations and measures have stipulated the requirements for financial institutions.

The overall principle of KYC is to ensure that the customers are qualified to engage in relevant businesses by presenting integrity and accuracy of their identity information. When a financial institution establishes a business relationship with a customer or provides one-off financial services such as cash remittance, currency exchange, bill discounting etc., the financial institution shall conduct verification and registration by requiring the customer to provide true and valid identification documents or any other form of identification document.

For cross-border transaction, banks shall identify the background information of customers, including but not limited to, the customers' money laundering and terrorism financing risk levels; violation records and bad records with relevant regulatory authorities and the banks; the customers' operating conditions; shareholders or actual controllers; beneficial owners, main affiliated enterprises and counterparties; credit records; financial indicators; sources and purposes of funds; intentions and nature of business relations; transaction intent and logic; foreign-related operations and cross-border receipts and payments; and whether they are political public figures.

By performing cross-border services, banks and financial institutions shall continuously identify and re-identify customers in accordance with laws and regulations.

Certain non-financial institutions shall follow up all of the above regulations to perform anti-money laundry and anti-terrorist financing obligations.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, but financial institutions shall bear the ultimate liability for the KYC requirements themselves.

According to the Guidelines, banks could rely on a third-party organisation to identify customers, while they shall specify in contracts, agreements, or other written documents the duties of the third-party organisation for identifying customers and monitoring anti-money laundering and counter-terrorism financing. The third-party organisation is also required to develop qualified customer identification measures and implement such measures. Where a third party is relied on to identify customers, banks bear the liability arising from its failure to perform the obligation of identifying customers. Where a financial institution determines the identity of a customer through a third party, it shall ensure that the third party has adopted measures for determining customer identity which comply with the requirements of AML laws; where the third party has not adopted measures for determining customer identity which comply with the requirements of AML Law, the financial institution bears the liability of not fulfilling the obligation of determining customer identity.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes, but financial institutions still bear the ultimate liability to comply with the KYC requirements. Please see the above section 4. d. for further information.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

At the moment, there is no requirement for obtaining a license or registration. KYC service providers who are involved in the developing of software, application of cloud computing, and other technology application need to list the business scope during the registration process or apply for the license of SAAS, ICP, and other internet service-related licenses subject to requirements of market regulatory departments.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
No providers of gambling services



© 2022, JunHe LLP. All rights reserved by JunHe LLP as author and the owner of the copyright in this chapter. JunHe LLP has granted to Multilaw non-exclusive worldwide license to use and include this chapter in this guide and to sublicense Lexis Nexis, a division of RELX Inc. and its affiliates certain rights to use and distribute this guide.

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.


Choose country